hello guys, first I want to start by congratulating all of Linus Tech Tips for all the content made up to this point.

my request/suggestion is a bit off topic from the traditional channel content, but I would like to see reviews on network security setups.

one of the main concerns of computer gamers is the ability to game; nevertheless, with the amount of online user-account-based games and in-app purchases, user security has become more relevant.

99.99 of computer gamers access the internet directly with their device, with no security in between their devices and the internet; installing just an antivirus and expecting to be secure online is ridiculous these days.

most computer rigs these days have the capacity to create quite a few low-level performance virtual machines that would significantly increase their security, far beyond what any antivirus could do, just by hiding your devices' IPs and other device IDs that can be easily tracked by the user's cookie sessions, which are easily copied with phishing websites, etc., and subsequently hacked.

 

this is what I would like to see addressed on your channel if possible; I'm sure you will have a lot of views inside and outside of the gaming community

Link to comment
https://linustechtips.com/topic/1408829-online-security-computer-view-from-outside/

4 hours ago, ricohard257 said:

99.99 of computer gamers access the internet directly with their device, with no security in between their devices and the internet

Source? Not sure how it is in other countries but here in Sweden, most people got routers running PAT. They are not directly reachable from the Internet. 

 

4 hours ago, ricohard257 said:

installing just an antivirus and expecting to be secure online is ridiculous these days.

Is it really? That's what I do and I'm fine. What tips would you suggest? 

 

4 hours ago, ricohard257 said:

most computer rigs these days have the capacity to create quite a few low-level performance virtual machines that would significantly increase their security, far beyond what any antivirus could do, just by hiding your devices' IPs and other device IDs that can be easily tracked by the user's cookie sessions, which are easily copied with phishing websites, etc., and subsequently hacked.

Can you explain how a VM would hide your IP and cookies (and from whom is it hidden)?

Link to post

5 minutes ago, LAwLz said:

Source? Not sure how it is in other countries but here in Sweden, most people got routers running PAT. They are not directly reachable from the Internet.

PAT/NAT is not security but the built in firewall that uses reflexive ACLs that's on pretty much every consumer router out there sure can be considered one though. It's not perfect but it's definitely not letting things in unless you enable UPNP or forward all the ports 🙂

 

4 minutes ago, ricohard257 said:

the virtual machine is used as a proxy server, active firewall, etc

 

You mean a proxy server behind the same ISP where your computer is? That's going to do what exactly? An active firewall is built into just about every combo unit and consumer router on the market....


Link to post

you do know that most computers have 

1 their own firewall

2 good antivirus

 

and that most routers don't just expose a pc directly to the internet right?


Link to post

12 minutes ago, Lurick said:

PAT/NAT is not security but the built in firewall that uses reflexive ACLs that's on pretty much every consumer router out there sure can be considered one though. It's not perfect but it's definitely not letting things in unless you enable UPNP or forward all the ports 🙂

I feel like you're trying to be this guy right now:

[image]

 

 

But PAT actually does provide security. 

Even if I were to make an "allow any any" rule from the internet to my inside network, you would have no way of actually addressing my PC because of PAT. You simply can't construct a packet that will reach my router and then be forwarded to my PC. 

 

It's not a security feature, but it does provide security in this regard. 

 

Also, do consumer routers really use reflexive ACLs? Pretty sure they got stateful firewalls these days. 

I don't know much about how consumer routers work these days so I might be wrong and they might just do primitive reflexive access lists.

I kind of doubt it though since the router my ISP provides is the same one they provide to VoIP customers. Since that uses SIP it would just fail if it was a reflexive access list. Same for FTP traffic. Maybe they have built in some hack to get it working, but considering how powerful consumer routers are these days I just don't see the point. 

Link to post

guys, regardless of what's been said here already, hiding your machine from outside visibility is the best solution. you can make things so convoluted that your own devices won't be able to see each other on the same intranet; allied to a dmz, good luck to most hackers, since cookie sessions aren't stored on your physical device. hackers may access your vm but never your physical machine; all vms are reset to default on each boot, which can occur every 10 mins, so no hidden software. use cia/nsa network models: in those agencies computers can access the internet but no computer is visible from the internet, making it difficult to hack a machine which isn't there to be hacked. masks and sub masks can change per machine query, making an ip ddos and other attacks impossible

Link to post

8 hours ago, ricohard257 said:

guys, regardless of what's been said here already, hiding your machine from outside visibility is the best solution. you can make things so convoluted that your own devices won't be able to see each other on the same intranet; allied to a dmz, good luck to most hackers, since cookie sessions aren't stored on your physical device. hackers may access your vm but never your physical machine; all vms are reset to default on each boot, which can occur every 10 mins, so no hidden software. use cia/nsa network models: in those agencies computers can access the internet but no computer is visible from the internet, making it difficult to hack a machine which isn't there to be hacked. masks and sub masks can change per machine query, making an ip ddos and other attacks impossible

If you use a router, it has a firewall. Any unsolicited inbound connections from outside the local network (LAN) will dissolve into random electrons unless you configure your router for port forwarding. This means all your devices that are connected to your router are invisible to everyone outside the LAN; any online attackers will not be able to see, much less communicate with, your devices at all. They will need to get into your local network, by cracking your wifi password or directly connecting an ethernet cable into your router first. The most they can do is ping your router (assuming your router will even respond) via your public ip address provided by your internet service provider, and that's it. Even if they do crack and get into your local network, many devices and computers have their own internal firewalls to block out unsolicited inbound connections.

 

What you are really confused about is the outbound connection. I think that is what you mean by "directly connecting to the internet"? In this case, no one is connecting to your computer from the outside, rather it is your computer trying to connect to the outside instead. Your computer initiates, say, an http connection to a server, your router then acts as the gateway to/from the global web to your private LAN, then the requested resources are sent back by the server and consumed by you the end user, again with the router acting as a gateway. I don't see how this poses a security risk. You do need to connect to the world wide web to consume any online contents and services, and it is you that decides who and what you are connecting to. If you are scared of that, just unplug your internet cable and go offline. Simple as that. 

Sudo make me a sandwich 

Link to post

You can set up all the self-destructing VMs you want, but all you're going to do is delete client-side data like tracking cookies.

 

Nothing you run inside your LAN will hide your public IP address. You have to run a VPN for that, which just redirects all your network traffic through a third party.

I sold my soul for ProSupport.

Link to post

13 hours ago, LAwLz said:

I feel like you're trying to be this guy right now:

 

 

 

But PAT actually does provide security. 

Even if I were to make an "allow any any" rule from the internet to my inside network, you would have no way of actually addressing my PC because of PAT. You simply can't construct a packet that will reach my router and then be forwarded to my PC. 

 

It's not a security feature, but it does provide security in this regard. 

 

Also, do consumer routers really use reflexive ACLs? Pretty sure they got stateful firewalls these days. 

I don't know much about how consumer routers work these days so I might be wrong and they might just do primitive reflexive access lists.

I kind of doubt it though since the router my ISP provides is the same one they provide to VoIP customers. Since that uses SIP it would just fail if it was a reflexive access list. Same for FTP traffic. Maybe they have built in some hack to get it working, but considering how powerful consumer routers are these days I just don't see the point. 

Nah, not trying to be that person, just making the statement because a lot of people claim NAT/PAT is all the security you need when it's pretty easy to get through it. I agree it helps but that alone isn't security in the true sense. You are right though, most probably use a stateful firewall these days, I was thinking of something else but at the very least they would use a reflexive ACL or something similar 🙂

I know the AT&T "modem" I've got does reflexive ACLs for IPv6 traffic or something pretty damn close, lol


Link to post
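
The PAT versus stateful-firewall distinction argued in the posts above, modelled as an added example (not code from any poster or router vendor). `PatRouter`, its methods and all addresses are hypothetical and constructed for illustration; the "PAT only" mode assumes the router forwards anything that hits an existing mapping, which real devices may or may not do.

```python
from dataclasses import dataclass, field

# Constructed sample addresses (RFC 1918 / RFC 5737 documentation ranges).
PC, SERVER, STRANGER = "192.168.1.20", "198.51.100.5", "192.0.2.66"

@dataclass
class PatRouter:  # hypothetical model, not a real router API
    stateful: bool                                  # also filter on the remote endpoint?
    next_port: int = 40000
    mappings: dict = field(default_factory=dict)    # public port -> (inside ip, port)
    flows: set = field(default_factory=set)         # (public port, remote ip, remote port)
    forwards: set = field(default_factory=set)      # public ports opened by port forwarding

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """An inside host opens a connection; returns the public source port."""
        for pub, inside in self.mappings.items():
            if inside == (src_ip, src_port):
                break                               # reuse the existing translation
        else:
            pub, self.next_port = self.next_port, self.next_port + 1
            self.mappings[pub] = (src_ip, src_port)
        self.flows.add((pub, dst_ip, dst_port))
        return pub

    def port_forward(self, public_port, inside_ip, inside_port):
        """Static mapping, as created by manual port forwarding or UPnP."""
        self.mappings[public_port] = (inside_ip, inside_port)
        self.forwards.add(public_port)

    def inbound(self, remote_ip, remote_port, public_port):
        """Return the inside (ip, port) a WAN packet reaches, or None if dropped."""
        inside = self.mappings.get(public_port)
        if inside is None:
            return None                             # no translation entry: nowhere to send it
        if public_port in self.forwards:
            return inside                           # explicitly exposed by the user
        if self.stateful and (public_port, remote_ip, remote_port) not in self.flows:
            return None                             # mapping exists, but not for this peer
        return inside

def demo(stateful):
    """Run the same four packets through a PAT-only or a stateful router."""
    r = PatRouter(stateful=stateful)
    pub = r.outbound(PC, 51000, SERVER, 443)        # PC starts a session to a server
    results = {
        "server_reply": r.inbound(SERVER, 443, pub),
        "unmapped_port": r.inbound(STRANGER, 4444, 3389),
        "stranger_to_mapped_port": r.inbound(STRANGER, 4444, pub),
    }
    r.port_forward(3389, PC, 3389)                  # user forwards a port
    results["after_port_forward"] = r.inbound(STRANGER, 4444, 3389)
    return results

if __name__ == "__main__":
    for mode in (False, True):
        print("stateful" if mode else "PAT only", demo(mode))
```

Both modes drop the packet aimed at an unmapped port; only the stateful mode also drops a third party's packet aimed at a port that an outbound session has already mapped, and a port forward exposes the inside host in either mode.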

First off, any enthusiast has more than 0 protection.

1) We have a hardware firewall built into our Router.  (And hopefully, not using the 'free' router from the ISP, those are usually trash, and have documented security holes.  Any aftermarket solution should be less vulnerable.)

2) Software Firewalls - Windows has a built in firewall that's not all that bad.  Are there better?  Of course, but this one's installed automatically.

3) Windows Defender is all the AV anyone needs today.  Full stop.  It uses the same definition files that any other "purchased" AV does.  

 

Can you go farther?  Of course you can, but unless you're running stuff that's worth 6+ figures, you're not interesting enough to be worth a dedicated attack to get past multiple layers.

Of course, you could spend half a million dollars on security, and still get hacked.  Because users are the weak point.  

Link to post

tkitch, that is true, being relatively safe if you are not specifically targeted by a hacker, if you are being attacked by massive program hack bots, but any human hacker can bypass those standard, default security settings since these default standards are commonly known and reverse engineered for hacking attacks 

 

Multi-Cloud Data Services Cyber Recovery eBook (delltechnologies.com) this is security anything else is crap 

 

 

 

Link to post

19 hours ago, LAwLz said:

I feel like you're trying to be this guy right now:


 

 

But PAT actually does provide security. 

Even if I were to make an "allow any any" rule from the internet to my inside network, you would have no way of actually addressing my PC because of PAT. You simply can't construct a packet that will reach my router and then be forwarded to my PC. 

 

It's not a security feature, but it does provide security in this regard. 

 

Also, do consumer routers really use reflexive ACLs? Pretty sure they got stateful firewalls these days. 

I don't know much about how consumer routers work these days so I might be wrong and they might just do primitive reflexive access lists.

I kind of doubt it though since the router my ISP provides is the same one they provide to VoIP customers. Since that uses SIP it would just fail if it was a reflexive access list. Same for FTP traffic. Maybe they have built in some hack to get it working, but considering how powerful consumer routers are these days I just don't see the point. 

if you actually made this pic, then you have a future on NFT's 

Link to post

1 hour ago, ricohard257 said:

tkitch, that is true, being relatively safe if you are not specifically targeted by a hacker, if you are being attacked by massive program hack bots, but any human hacker can bypass those standard, default security settings since these default standards are commonly known and reverse engineered for hacking attacks 

 

Multi-Cloud Data Services Cyber Recovery eBook (delltechnologies.com) this is security anything else is crap 

 

 

 

no security measures can protect you if users just go off downloading malware. Also, that pdf you linked is about the cloud. Most cloud servers are virtualized machines (VMs) running on a hypervisor. If you think creating VMs can secure a computer, why would you link a pdf that is about security issues on systems that are virtualized? 

 

Data in a virtual machine is still data. Let's say an attacker hacks into your virtual machine, which has all your credit card logins, and steals/downloads all of them to their own computer. Let's say you figure out you have been hacked and you destroy your virtual machine, does that "unstole/unhacked" your credit card logins? 

Sudo make me a sandwich 

Link to post

46 minutes ago, wasab said:

no security measures can protect you if users just go off downloading malware. Also, that pdf you linked is about the cloud. Most cloud servers are virtualized machines (VMs) running on a hypervisor. If you think creating VMs can secure a computer, why would you link a pdf that is about security issues on systems that are virtualized? 

 

Data in a virtual machine is still data. Let's say an attacker hacks into your virtual machine, which has all your credit card logins, and steals/downloads all of them to their own computer. Let's say you figure out you have been hacked and you destroy your virtual machine, does that "unstole/unhacked" your credit card logins? 

lmao vm proxy server does not store any disk data, desktop environment, etc. it's a proxy for external connection, a fancy redirect to hide physical machines, furthermore if the vm only exists per query how can any hack exist since each new query is a brand new vm  

Link to post

1 hour ago, ricohard257 said:

lmao vm proxy server does not store any disk data

if you are using a proxy, where does the data proxy to? your own computer. they will still hack you. Why? because it is your own computer getting hacked, not the proxy.

 

Sudo make me a sandwich 

Link to post

1 minute ago, wasab said:

if you are using a proxy, where does the data proxy to? your own computer. they will still hack you. 

 

a proxy like the name states is not the actual and i specifically said disk data but i give up discussing with you guys, you just want to stir arguments for visibility 

Link to post

7 minutes ago, ricohard257 said:

a proxy like the name states is not the actual and i specifically said disk data but i give up discussing with you guys, you just want to stir arguments for visibility 

simple proxy just reroutes your traffic. Your own router is itself a proxy server. it passes data from one machine to another. If you think that is insecure, i do not know what proxy you are talking about will actually secure your data. 

Sudo make me a sandwich 

Link to post

9 minutes ago, wasab said:

simple proxy just reroutes your traffic. Your own router is itself a proxy server. it passes data from one machine to another. If you think that is insecure, i do not know what proxy you are talking about will actually secure your data. 

proxy only submit requests, you don't even need a disk just dump memory but you keep thinking that a hub, modem, switch is the same as a proxy server and use your machine to contact directly to the internet 

Link to post

2 hours ago, ricohard257 said:

 you keep thinking that a hub, modem, switch is the same as a proxy server 

Because it is? If you configure port forwarding, your router is essentially a proxy server. Router has its own persistent storage, ram, processor, operating system, and most with an inbuilt webserver as well. 

Quote

proxy only submit requests, you don't even need a disk just dump memory

Let's assume that is true, how does that prevent hacker from stealing data on your machine? Physical or virtual?

 

Let me make this simple for you. If you download malware from the internet through a proxy, that malware will go onto your computer, regardless it is a virtual machine or not, regardless if through a proxy, vpn, heck, even someone else's computer or not, as long as it goes onto your computer and executes. 

 

Once it is there and steals your data, your data is stolen. If it is a virtual machine, you can just delete it to get rid of the malware; if it is physical, reformat the drive or just throw it out and buy a new computer if you want to go nuclear. 

 

either way, you are hacked and your data is stolen and published somewhere on the deep web. 

 

See? Proxy, virtual machine, etc., makes no difference. If it is a phishing scam and you fell for it, nothing will prevent you from being hacked because you literally just told them your password and all your credentials. 

 

If it is just malware, it is very easy to fix as long as you have backed up your data and restore from it after you reformat your drive. If your sensitive data is stolen then you are SOL. It is hacked and can't be reversed. 

Sudo make me a sandwich 

Link to post

Wasab for the win.

 

You people watch too many movies and this thread illustrates the same issues I have with corporate level security. Everybody is running around and farting around with layer 4 when legit hackers, malware and ransomware exists almost entirely as layer 7 entities.

 

Hackers and bots don't go after ports, IP addresses and firewalls. They go after software behind those layers. Also, the vast majority of business level breaches I've had to deal with were caused by somebody clicking on an email link or downloading something stupid. The rest were caused by stuff like unpatched VOIP systems. Every company I've had to scrub ransomware off had a pretty good firewall in place. Again, Firewalls by definition are primarily layer 4 devices. Ransomware is layer 7. 

 

Active hacking attempts are rare. Hackers want money, and they focus their efforts on businesses, not gamers and home users. When the latter get nailed it's because they clicked on something they shouldn't. They actively caused the issue. 

 

Also, if you have a device on the internet it has an IP address. You can hide it from broadcast, or responding to a ping, but if you are receiving data you have an inbound internet accessible IP. Roving bots will find it, but if there isn't anything sitting vulnerable on those ports (ergo RDP servers on 3389 with admin accounts using 'pa55w0rd' as a password) you are typically fine.

 

Even with log4j causing a lot of red faces nobody is learning. 

 

My biggest concern is if things get dicey in Ukraine is all those Wargaming clients on PCs. First thing I would uninstall.

Link to post

4 hours ago, wseaton said:

You people watch too many movies and this thread illustrates the same issues I have with corporate level security. Everybody is running around and farting around with layer 4 when legit hackers, malware and ransomware exists almost entirely as layer 7 entities.

Layer 8 is the most vulnerable to security breaches, and there's no way to make it completely 100% secure.

I sold my soul for ProSupport.

Link to post